ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gov Regulatory

v1.0.0

Federal Register rules, notices, and agency documents. 4 tools for regulatory monitoring.

0· 393·1 current·1 all-time
byMartin@martc03
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Federal Register/regulatory monitoring) matches the instructions: the SKILL instructs the agent to register/query an external MCP server that provides Federal Register data. The only required binary is 'mcporter', which is reasonable for adding MCP servers.
Instruction Scope
Instructions only tell the agent to run 'mcporter add' or add an entry to ~/.openclaw/mcp.json and then call the declared tools (reg_search_documents, reg_get_document, etc.). This stays within the stated purpose. Note: adding the remote server means query terms (user queries) will be sent to that third‑party endpoint.
Install Mechanism
No install spec or code files are provided (instruction-only), so nothing is written to disk by the skill itself. Risk depends on the external 'mcporter' binary being present and trustworthy, but that is a user decision outside the skill.
Credentials
The skill requests no environment variables or credentials. The only config change it suggests is adding an MCP server entry to ~/.openclaw/mcp.json, which is proportional to its purpose.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request permanent privileges or attempt to modify other skills or system-wide settings beyond adding its own MCP server entry.
Assessment
This skill is coherent for regulatory monitoring, but before installing: verify you trust the remote MCP server (https://regulatory-monitor-mcp.apify.actor) because your query terms and returned data will flow through that third party; review the linked GitHub repo (homepage) if possible; ensure the 'mcporter' binary you use is from a trusted source; do not send sensitive or private data in queries to the external service; if you want stronger assurance, run queries manually against official Federal Register APIs or host your own trusted mirror rather than registering an external actor server in your MCP config.

Like a lobster shell, security has layers — review code before you run it.

latestvk971zmfgjxdtwkz4b0qa14hnk181z3yb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📜 Clawdis
Binsmcporter

Comments